Thursday, August 10, 2017

It turns out that scooping a juicy bug bounty reward from Google is as easy as tampering with the HTTP Host header – or at least this is what one crafty Uruguayan high schooler with cybersecurity ambitions did to pull it off. The Big G has rewarded Ezequiel Pereira with a $10,000 bug bounty after the independent security researcher came across a vulnerability that allowed an attacker to coax one of the company’s back-end servers into granting access to confidential data. Aimlessly toying around with some Google services, the resourceful high school researcher discovered that using popular vulnerability scanner Burp Suite to modify the Host header…